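<?php
// Login handler: checks the posted username/password against the `users`
// table, refreshes the account level from `register_time`, then establishes
// the session, issues the `auth_token` cookie and redirects to the console.
session_start(); // the session must exist before anything is written to $_SESSION
require './config.php';
if (!isset($conn)) {
    die("连接失败:\$conn 未定义");
}

/**
 * Abort the request after a database/server failure.
 *
 * The driver's error text goes to the server log only; the browser receives
 * just the generic message. Echoing `$conn->error` / `$stmt->error` to the
 * client (as the original did) discloses table and column names.
 *
 * @param string $userMessage text shown to the browser
 * @param string $detail      driver/exception detail, logged but never echoed
 */
function login_fail(string $userMessage, string $detail): void
{
    error_log('login.php: ' . $userMessage . ' - ' . $detail);
    echo $userMessage;
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = isset($_POST['username']) ? trim((string) $_POST['username']) : '';
    $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
    // Compare with '' instead of empty(): a password of "0" is a valid password.
    if ($username === '' || $password === '') {
        echo "用户名和密码不能为空,请重新输入。";
        exit();
    }

    $stmt = $conn->prepare("SELECT id, username, password, register_time, level FROM users WHERE username = ?");
    if (!$stmt) {
        login_fail("数据库查询准备失败", $conn->error);
    }
    $stmt->bind_param("s", $username);
    if (!$stmt->execute()) {
        login_fail("数据库查询执行失败", $stmt->error);
    }
    $stmt->store_result();
    $stmt->bind_result($id, $db_username, $hashed_password, $register_time, $current_level);
    // fetch() only runs when a row exists; afterwards every bound value lives
    // in a local, so the statement can be released before any further query.
    $found = $stmt->num_rows > 0 && $stmt->fetch();
    $stmt->close();

    if ($found && password_verify($password, (string) $hashed_password)) {
        $current_level = (int) $current_level;
        if ($current_level === 4) {
            // Level 4 is not derived from account age; never recompute (downgrade) it.
            $level = 4;
        } else {
            try {
                // NOTE(review): assumes register_time is a DATETIME-like column;
                // a NULL value is treated as "now" (level 1) — confirm with the schema.
                $registration_date = new DateTimeImmutable((string) $register_time);
                $interval = $registration_date->diff(new DateTimeImmutable());
                // DateInterval::m is the month component *within* the year (0-11),
                // so testing it alone reset accounts to level 1 once a full year had
                // passed. Count whole months across years; a registration date in
                // the future (invert set) counts as zero months.
                $months = $interval->invert ? 0 : $interval->y * 12 + $interval->m;
                if ($months >= 6) {
                    $level = 3; // 6 months and up
                } elseif ($months >= 1) {
                    $level = 2; // 1 to 6 months
                } else {
                    $level = 1; // under 1 month
                }
            } catch (Exception $e) {
                login_fail("日期计算出错", $e->getMessage());
            }
        }

        // Persist the level only when it actually changed.
        if ($level !== $current_level) {
            $update_stmt = $conn->prepare("UPDATE users SET level = ? WHERE id = ?");
            if (!$update_stmt) {
                login_fail("数据库更新准备失败", $conn->error);
            }
            $update_stmt->bind_param("ii", $level, $id);
            if (!$update_stmt->execute()) {
                login_fail("数据库更新执行失败", $update_stmt->error);
            }
            $update_stmt->close();
        }

        // Credentials verified: replace the pre-login session id so an id that
        // was planted before authentication cannot be reused (session fixation).
        session_regenerate_id(true);
        $_SESSION['user_id'] = $id;
        $_SESSION['username'] = $db_username;

        // Opaque per-login token, stored on the users row and handed to the browser.
        // NOTE(review): the row holds the raw token; whatever reads `users.token`
        // in the console would have to change in step before storing a hash instead.
        $token = bin2hex(random_bytes(32));
        $token_stmt = $conn->prepare("UPDATE users SET token = ? WHERE id = ?");
        if (!$token_stmt) {
            login_fail("数据库更新 Token 准备失败", $conn->error);
        }
        $token_stmt->bind_param("si", $token, $id);
        if (!$token_stmt->execute()) {
            login_fail("数据库更新 Token 执行失败", $token_stmt->error);
        }
        $token_stmt->close();

        // 1-hour HttpOnly cookie. Secure is set whenever this request itself arrived
        // over TLS; the original hard-coded it to false, which lets the token be sent
        // over plain HTTP even on an HTTPS deployment.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie('auth_token', $token, time() + 3600, '/', '', $secure, true);
        header("Location: ../console/index.php?login=success");
        exit();
    }

    // Same message for "no such user" and "wrong password" so the response
    // does not reveal which usernames exist.
    echo "用户名或密码错误,请重新输入。";
}
$conn->close();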